Police Tapped Sprint Customer GPS Data 8 Million Times In A Year

Under a new system set up by Sprint, law enforcement agencies have gotten GPS data from the company about its wireless customers 8 million times in about a year, raising a host of questions about consumer privacy, transparency, and oversight of how police obtain location data.

What this means — and what many wireless customers no doubt do not realize — is that with a few keystrokes, police can determine in real time the location of a cell phone user through automated systems set up by the phone companies.

And while a Sprint spokesman told us customers can shield themselves from surveillance by simply switching off the GPS function of their phones, one expert told TPM that the company and other carriers almost certainly have the power to remotely switch the function back on.To be clear, you can think of there being two types of GPS (global positioning system). One is the handy software on your mobile device that tells you where you are and helps give driving directions. But there’s also GPS capability in all cell phones sold today, required by a federal regulation so if you dial 911 from an unknown location, authorities can find you.

Sprint says the 8 million requests represent “thousands” of individual customers — it won’t say how many exactly — and that the company follows the law. It’s not clear, however, if warrants are always needed, or whether they have been obtained by police for all the cases.

We know the 8 million number thanks to an Indiana University graduate student named Christopher Soghoian, who has made headlines before for investigations of privacy and tech issues.

At a recent professional security conference attended — and taped — by Soghoian, Sprint Manager of Electronic Surveillance Paul Taylor revealed the 8 million figure. “[T]he tool has just really caught on fire with law enforcement,” he said:

We turned it on the web interface for law enforcement about one year ago last month, and we just passed 8 million requests. So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone. So the tool has just really caught on fire with law enforcement. They also love that it is extremely inexpensive to operate and easy

It’s useful to keep in mind that, as Sprint spokesman Matt Sullivan tells TPM, “every wireless carrier has a team and a system” through which police can access GPS data. Sprint is the company unlucky enough to find itself the focus of scrutiny, but it reportedly controls just 18% of the U.S. wireless market, making it the third largest carrier.

Sprint says the 8 million figure “should not be shocking given that Sprint has more than 47 million customers and requests from law enforcement and public safety agencies” include missing person cases, criminal investigations, or cases with the consent of the customer. (Read the company’s full statement here.)

Privacy advocates, though, are alarmed. “How many innocent Americans have had their cell phone data handed over to law enforcement?” asked Kevin Bankston, senior staff attorney at the Electronic Frontier Foundation, in a lengthy response to the revelation. He goes on:

How can the government justify obtaining so much information on so many people, and how can the telcos justify handing it over? …

What legal process was used to obtain this information? …

What exactly has the government done with all of that information? Is it all sitting in an FBI database somewhere?

Bankston calls on Congress “to pull the curtain back on the vast, shadowy world of law enforcement surveillance and shine a light on these abuses.”

Sullivan, the Sprint spokesman, tells TPM that for certain requests the police pay a fee to Sprint to cover costs. But it’s not just a question of paying an entry fee to access the system; Sullivan says there’s a legal process. “Before [law enforcement] can access any customer data, they have to show proper legal demand,” and “the parameters of the information they can receive is extremely specific, including the duration they can look at it and the specific data.”

It’s not clear, according to EFF, that “proper legal demand” always means a search warrant.

Julian Sanchez of the Cato Institute has chimed in with a look at the current state of the relevant law, including the 2005 reauthorization of the PATRIOT act. He concludes that it’s “quite likely that it’s become legally easier to transform a cell phone into a tracking device even as providers are making it point-and-click simple to log into their servers and submit automated location queries.”

Another key question: can customers disable the GPS on their wireless devices? Sprint’s Sullivan says its his “understanding” that privacy settings on phones can be set to turn off GPS, in which case, he says, police trying to conduct surveillance would not be able to track a phone.

But Jeff Fischbach, a California-based forensic technologist who has been a technical consultant on many criminal cases over the years, tells TPM he’s seen empirical evidence that the privacy settings are essentially meaningless. Again and again, he says, “I’ve seen GPS data from defendants who told me [the function] was switched off.”

Saying there’s nothing technically sophisticated about switching on GPS capability remotely, Fischbach observes that if it’s really possible to switch off GPS on a phone, “it would almost be like saying license plates are optional.”

We may be getting more answers soon. With buzz growing around Soghoian’s report, first posted on his blog, Sprint has been forced to respond publicly. Fischbach believes it’s only a matter of time before the company is forced to make more disclosures to the public.